SEC-335 Eth. Hacking & Pen. Testing

Course Overview

Course: SEC-335 Eth. Hacking & Pen. Testing
Semester: SP23
Professor: Mackenzie Marsocci

Course Description

Operating Systems and internet-based applications are common sources of security breaches. Students will learn about the information security flaws in software systems, vulnerabilities inherent in common network services, ways to secure Internet servers and services, increasing security awareness in organizations. Students will also learn the methodologies and tools used to probe networks for vulnerabilities and propose solutions. Hands on activities will give the necessary background to assess security. Scenarios will provide opportunities to discuss security, ethics, and incident response.

Labs

• Lab 2.1 Port Scanning 1
• Lab 2.2 Port Scanning 2
• Lab 3.1 Powershell and DNS
• Lab 3.2 DNS Uses both UDP and TCP
• Lab 5.1 Password Guessing
• Lab 6.1 Cracking Linux Passwords with JtR and Hashcat
• Lab 7.1 Exploiting pippin.shire.org
• Lab 8.1 Weevely
• Lab 8.2 Reverse Shell
• Lab 9.1 Exploit Gloin
• Lab 10.1 Linux - Permission Vulnerabilities
• Lab 10.2 Exploiting nancurunir
• Lab 11.1 Metasploit
• Final Bree

Assignments

• Assignment 1.2 The Kali Virtual Machine
• Assignment 2.1 Host Discovery
• Assignment 3.1 DNS Enumeration
• Assignment 4.1 Exploiting Cupcake
• Assignment 5.1 Breaking into Kali

References/Notes

• NMAP
• Metasploit
• Active & Passive Recon
• Shodan
• The Harvester
• Metagoofil
• CEWL
• RsMangler
• Hydra
• DIRB
• FFUF
• John the Ripper
• Hashcat
• Full Terminal
• Reverse Shells